COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2024-8190

CVE-2024-8190

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2024-09-13
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-8190
⚡ RCE ⌖ exploited in the wild shame 65/100 rceexploited-in-wild

Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.

Players implicated

Ivanti · vendorCloud Services Appliance · product

Description

Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.

Affected FedRAMP products 2 in the catalog

ProductProviderStatusMatch
Ivanti Neurons for ITSM (Formerly Service Manager) Ivanti Authorized vendor-exact · 0.90
Ivanti Neurons for MDM (Formerly MobileIron) Ivanti Authorized vendor-exact · 0.90